Winfixer 2005 Malware?

#0
02.01.2006, 00:05
Member
Posts: 11

03.01.2006, 22:28
...new here
Posts: 1
#2
Hello Sabina,
I'm also struggling with Win Fixer. Maybe you can help me out:

Logfile of HijackThis v1.99.1
Scan saved at 22:09:21, on 03.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\SMC\SMC.exe
C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Creative\SBLive\Diagnostics\diagent.exe
C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SMC\EZ Connect Wireless USB\WlanMonitor.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Harald\LOKALE~1\Temp\Rar$EX00.016\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internetcologne.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: _URLHandler - {7FF23285-DBBC-49B6-818C-34AC459D5BB3} - C:\WINDOWS\system32\pidd.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programme\YourSiteBar\ysb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Programme\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [diagent] C:\Programme\Creative\SBLive\Diagnostics\diagent.exe startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: EZ Connect Wireless USB Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://F:\data\Hidinmon.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://F:\data\A9.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

05.01.2006, 14:18
Honorary member
Posts: 29434
#3
Katzenauge
open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

R3 - URLSearchHook: _URLHandler - {7FF23285-DBBC-49B6-818C-34AC459D5BB3} - C:\WINDOWS\system32\pidd.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programme\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
has no business being in autostart....
O18 - Protocol: bw+0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4CADB3A2-1427-415B-B90E-5C7FCBE1EF48} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

restart the PC

configure the Cleaner exactly as described here:
http://virus-protect.org/cleanup.html

find/rename to old
C:\WINDOWS\system32\pidd.dll

uninstall/delete
C:\Programme\SurfAccuracy
C:\Programme\YourSiteBar

Counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC
-----------------------------------------------------------
multiavtool
http://virus-protect.org/multiavtool.html
click "3" McAfee -- an empty DOS window appears.
- you have to enter what is to be scanned
- C:\Windows\System32
then the scan starts; you should then also scan:
- C:\Windows
- C:\
__________
Regards, Sabina
all about PC security
|
|
||
05.01.2006, 23:18
...new here
Posts: 2 |
#4
Hello Sabina, my eyes are about to fall shut, but I hope I managed to do everything correctly up to this step.... here is my Notepad log, or whatever it is .-)
Logfile of HijackThis v1.99.1
Scan saved at 22:59:03, on 05.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Save\Save.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\czRtM3Q\command.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\samet\Desktop\Yüksel\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - (no file)
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\System32\vtstt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32n.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload114a.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135858405560
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135858394967
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D629FADB-8820-47E1-A7BF-114EA32E22FD}: NameServer = 217.237.151.33 217.237.149.225
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\h6l20g3oe6.dll (file missing)
O20 - Winlogon Notify: vtstt - C:\WINDOWS\System32\vtstt.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\czRtM3Q\command.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
Thanks in advance, I hope I still know tomorrow what I just did... Greetings from Berlin & good night! |
|
|
||
06.01.2006, 00:46
Honorary member
Posts: 29434 |
#5
shylocc
I can't give you much hope... the PC is heavily infected....
Set up the Cleaner exactly as described here:
http://virus-protect.org/cleanup.html
Copy the 4 text files here (3 months back by date is enough):
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
All about PC security |
|
|
||
06.01.2006, 15:15
...new here
Posts: 2 |
#6
sabina
Thanks for the quick reply! In this HijackThis, do I have to tick everything highlighted in red and click "fix checked"?? Should all of that be removed? Here are the four text files..
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2468-F584
Verzeichnis von C:\WINDOWS\system32
06.01.2006 15:06 328.941 ttstv.ini2
06.01.2006 09:41 339.727 ttstv.bak2
06.01.2006 09:20 43.520 CmdLineExt03.dll
05.01.2006 22:40 0 lo2.txtt
05.01.2006 21:17 13.002 wpa.dbl
01.01.2006 22:31 8.464 sporder.dll
31.12.2005 14:22 3.534 jupdate-1.5.0_03-b07.log
30.12.2005 18:51 380.350 perfh009.dat
30.12.2005 18:51 52.764 perfc009.dat
30.12.2005 18:51 391.000 perfh007.dat
30.12.2005 18:51 63.580 perfc007.dat
30.12.2005 18:51 897.954 PerfStringBackup.INI
30.12.2005 18:47 92.680 FNTCACHE.DAT
29.12.2005 20:09 90 spupdwxp.log
29.12.2005 03:54 280.064 gdi32.dll
28.12.2005 19:42 143 mcrh.tmp
28.12.2005 03:13 12.980 wpa.bak
21.12.2005 11:40 328.659 ttstv.tmp
21.12.2005 11:40 328.608 ttstv.ini
10.12.2005 15:46 0 TFTP1636
09.12.2005 15:16 351.525 ttstv.bak1
09.12.2005 15:16 561.204 vtstt.dll
08.12.2005 16:25 2.723.680 MRT.exe
07.12.2005 18:05 716.800 divxdec.ax
07.12.2005 18:05 573.952 DivX.dll
07.12.2005 18:05 679.936 divx_xx07.dll
07.12.2005 18:05 679.936 divx_xx0c.dll
07.12.2005 18:05 663.552 divx_xx11.dll
05.12.2005 21:51 10.716 dsm_ja.qm
05.12.2005 21:51 15.331 dsm_de.qm
05.12.2005 21:51 15.172 dsm_fr.qm
05.12.2005 18:09 2.323.664 d3dx9_28.dll
05.12.2005 18:07 63.696 dxdllreg.exe
05.12.2005 18:07 61.136 xinput9_1_0.dll
05.12.2005 14:10 133.913 ntlc42.exe.vir
05.12.2005 14:08 154 log.~
05.12.2005 12:25 82 key.~
05.12.2005 12:25 2.118 data.~
05.12.2005 12:24 557.108 awtsr.dll
04.12.2005 19:49 687.592 atmtd.dll
04.12.2005 19:49 687.592 atmtd.dll._
04.12.2005 19:43 21.840 SIntfNT.dll
04.12.2005 19:43 17.212 SIntf32.dll
04.12.2005 19:43 12.067 SIntf16.dll
04.12.2005 19:36 236.032 wincntrl.exe.vir
04.12.2005 19:33 71 i
04.12.2005 19:17 90.624 uwhjjgm.exe
04.12.2005 19:15 147.225 tjpwqfuh.exe
04.12.2005 19:14 52.505 scvhost.exe.vir
04.12.2005 19:14 147.225 evjarn.exe
04.12.2005 19:14 90.624 dhyyo.exe
04.12.2005 18:57 0 TFTP3764
04.12.2005 18:52 25.941 NULL
04.12.2005 18:52 16.832 amcompat.tlb
04.12.2005 18:52 23.392 nscompat.tlb
04.12.2005 18:35 25.065 wmpscheme.xml
04.12.2005 18:31 324 $winnt$.inf
04.12.2005 18:28 2.951 CONFIG.NT
04.12.2005 18:26 488 WindowsLogon.manifest
04.12.2005 18:26 488 logonui.exe.manifest
04.12.2005 18:26 749 wuaucpl.cpl.manifest
04.12.2005 18:26 749 cdplayer.exe.manifest
04.12.2005 18:26 749 sapi.cpl.manifest
04.12.2005 18:26 749 nwc.cpl.manifest
04.12.2005 18:26 749 ncpa.cpl.manifest
04.12.2005 18:24 21.740 emptyregdb.dat
04.12.2005 18:19 0 h323log.txt
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 3.013.632 mshtml.dll
24.11.2005 00:58 1.022.464 browseui.dll
23.11.2005 05:00 778.240 DivXsm.exe
23.11.2005 05:00 4.276 divxsm.tlb
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
02.11.2005 00:44 127.574 tsuninst.exe
27.10.2005 20:37 53.248 dpuGUI10.dll
27.10.2005 20:37 86.016 dpl100.dll
27.10.2005 20:37 593.920 dpuGUI11.dll
27.10.2005 20:37 200.704 dtu100.dll
27.10.2005 20:37 339.968 dpus11.dll
27.10.2005 20:37 57.344 dpv11.dll
27.10.2005 20:37 294.912 dpu10.dll
27.10.2005 20:37 294.912 dpu11.dll
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 251.392 iepeers.dll
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2468-F584
Verzeichnis von C:\DOKUME~1\samet\LOKALE~1\Temp
06.01.2006 15:01 16.384 Perflib_Perfdata_9c0.dat
06.01.2006 15:00 16.384 ~DF43CD.tmp
06.01.2006 14:59 204 jusched.log
3 Datei(en) 32.972 Bytes
0 Verzeichnis(se), 33.607.585.792 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2468-F584
Verzeichnis von C:\WINDOWS
06.01.2006 15:01 590 win.ini
06.01.2006 14:33 806.532 setupapi.log
06.01.2006 08:36 0 0.log
06.01.2006 08:35 904.636 WindowsUpdate.log
06.01.2006 08:35 2.048 bootstat.dat
06.01.2006 06:46 32.518 SchedLgU.Txt
06.01.2006 06:45 51.701 iis6.log
06.01.2006 06:45 73.114 ntdtcsetup.log
06.01.2006 06:45 121.426 comsetup.log
06.01.2006 06:45 17.100 ocmsn.log
06.01.2006 06:45 1.355 imsins.log
06.01.2006 06:45 132.386 tsoc.log
06.01.2006 06:45 11.054 KB912919.log
06.01.2006 06:45 166.460 ocgen.log
06.01.2006 06:45 17.118 msgsocm.log
06.01.2006 06:45 331.702 FaxSetup.log
06.01.2006 06:45 15.445 updspapi.log
05.01.2006 01:17 69 NeroDigital.ini
01.01.2006 22:35 182.272 NDNuninstall6_98.exe
01.01.2006 22:31 50.688 NDNuninstall6_38.exe
01.01.2006 00:58 214 wiadebug.log
31.12.2005 21:17 50 wiaservc.log
30.12.2005 19:56 1.393 imsins.BAK
29.12.2005 21:05 42.192 wmsetup.log
29.12.2005 20:14 33.735 spupdsvc.log
29.12.2005 20:13 360 DtcInstall.log
29.12.2005 20:12 316.640 WMSysPr9.prx
29.12.2005 20:11 1.510 OEWABLog.txt
29.12.2005 19:58 434.556 svcpack.log
29.12.2005 19:52 200 cmsetacl.log
29.12.2005 19:50 1.330 sessmgr.setup.log
29.12.2005 14:29 27.909 xpsp1hfm.log
29.12.2005 14:29 37.049 KB828741.log
29.12.2005 14:26 33.914 KB835732.log
29.12.2005 14:21 22.953 Q329834.log
29.12.2005 14:20 24.416 KB823559.log
29.12.2005 14:19 22.385 Q329048.log
29.12.2005 14:18 20.720 KB834707-IE6-20040929.115007.log
29.12.2005 14:17 15.021 Q810577.log
29.12.2005 14:14 11.849 Q810833.log
29.12.2005 14:12 9.105 Q811630.log
29.12.2005 14:06 7.691 Q329441.log
29.12.2005 14:04 7.489 Q817606.log
29.12.2005 14:03 4.633 Q329170.log
29.12.2005 14:01 2.750 Q329115.log
29.12.2005 14:00 2.173 Q329390.log
29.12.2005 14:00 1.424 Q323255.log
29.12.2005 13:45 7.050 KB842773.log
29.12.2005 13:44 175.936 setupact.log
28.12.2005 16:49 116.807 DirectX.log
26.12.2005 18:58 211 uno.ini
05.12.2005 16:15 41.216 timessquare.exe.vir
05.12.2005 12:25 32.768 unstall.exe
05.12.2005 12:25 188 iaPXSWOD.ini
05.12.2005 12:24 2 tempf.txt
04.12.2005 19:53 33.376 DIIUnin.dat
04.12.2005 19:48 38 drsmartload.dat
04.12.2005 19:46 0 timessquare1.dat
04.12.2005 19:12 2.829 DIIUnin.pif
04.12.2005 19:12 102.400 DIIUnin.exe
04.12.2005 18:33 8.192 REGLOCS.OLD
04.12.2005 18:31 311 setuperr.log
04.12.2005 18:28 0 control.ini
04.12.2005 18:28 299.552 WMSysPrx.prx
04.12.2005 18:27 4.161 ODBCINST.INI
04.12.2005 18:27 240 Windows Update.log
04.12.2005 18:26 749 WindowsShell.Manifest
04.12.2005 18:23 37 vbaddin.ini
04.12.2005 18:23 36 vb.ini
04.12.2005 18:16 0 Sti_Trace.log
04.12.2005 18:13 1.348 regopt.log
04.12.2005 18:13 231 system.ini
21.10.2005 02:24 69.632 MRJJ.EXE.vir
21.10.2005 02:24 81.920 IEMonitor.ocx
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2468-F584
Verzeichnis von C:\
06.01.2006 15:13 0 sys.txt
06.01.2006 15:11 7.384 system.txt
06.01.2006 15:08 403 systemtemp.txt
06.01.2006 15:06 91.482 system32.txt
06.01.2006 15:03 4.125 write.log
06.01.2006 15:02 262.918 preupd.log
06.01.2006 08:35 267.964.416 hiberfil.sys
06.01.2006 08:35 402.653.184 pagefile.sys
05.01.2006 22:52 53 direct.txt
29.12.2005 19:52 211 boot.ini
29.12.2005 19:27 47.564 NTDETECT.COM
29.12.2005 19:27 251.184 ntldr
05.12.2005 14:39 16.384 index1.exe.vir
05.12.2005 14:10 446 a.bmp
04.12.2005 18:52 597 TO_InstallLog.txt
04.12.2005 18:28 0 CONFIG.SYS
04.12.2005 18:28 0 AUTOEXEC.BAT
04.12.2005 18:28 0 MSDOS.SYS
04.12.2005 18:28 0 IO.SYS
Best regards from Berlin-Wedding...
This post was edited by shylocc on 06.01.2006 at 15:28.
|
|
|
||
06.01.2006, 15:54
Honorary member
Posts: 29434 |
#7
There is no point... it is better if you format.. there are too many backdoors, viruses and spyware gathered there...
__________
Kind regards, Sabina
All about PC security |
|
|
||
07.01.2006, 13:23
...new here
Posts: 2 |
#8
Can someone help me? I have Winfixer and Power scan. I can't delete them.
Logfile of HijackThis v1.99.1
Scan saved at 13:21:22, on 07.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
D:\Programme\iPod\bin\iPodService.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Programme\AVPersonal\AVSCHED32.EXE
C:\Programme\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Gemeinsame Dateien\AOL\1134745239\ee\AOLHostManager.exe
C:\Programme\Gemeinsame Dateien\AOL\1134745239\ee\AOLServiceHost.exe
C:\Programme\Telekom\Eumex 504PC USB\Capictrl.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Ulead Systems\Ulead Photo Express 4.0 Meine Spezielle Edition\CalCheck.exe
C:\Programme\4.0M MPEG4 DV\Console\Watch.exe
c:\programme\gemeinsame dateien\aol\1134745239\ee\services\antiSpywareApp\ver2_0_13\AOLSP Scheduler.exe
C:\Programme\Gemeinsame Dateien\AOL\1134745239\ee\AOLServiceHost.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Jan Figler\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nrg.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [routcnf] C:\Programme\Telekom\Eumex 504PC USB\routcnf.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] D:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [EumexInst] "G:\Setup.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Need for Speed Most Wanted crack.exe
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1134745239\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express Calendar Checker für Meine Spezielle Edition.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 Meine Spezielle Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Programme\4.0M MPEG4 DV\Console\Watch.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F26748F-1D19-4465-AA09-48394A09F8E0}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe |
|
|
||
07.01.2006, 15:39
Honorary member
Posts: 29434 |
#9
Lapas
Anyone who downloads something like that... has only themselves to blame if they wreck their PC....
Quote:
I downloaded pirated Software from P2P and now I post my Hijack log whining
Open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Need for Speed Most Wanted crack.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDE
Restart the PC
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it
Paste in: ... and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, only click "yes" on the last one
C:\WINDOWS\system32\wuauclt10.exe
C:\WINDOWS\system32\wudupdate.exe
C:\WINDOWS\system32\smmss.exe
C:\WINDOWS\system32\Need for Speed Most Wanted crack.exe
Restart the PC
Uninstall / delete:
C:\Programme\SurfAccuracy
C:\Programme\ISTsvc
Set up the Cleaner exactly as described here:
http://virus-protect.org/cleanup.html
http://virus-protect.org/counterspy.html
After the scan you have to choose between: *Ignore *Remove *Quarantine
Always choose Remove and restart the PC
-----------------------------------------------
ewido --> copy the scan report here
http://virus-protect.org/ewido.html
__________
Kind regards, Sabina
All about PC security |
|
|
||
07.01.2006, 21:08
...new here
Posts: 2 |
#10
Sabina, many thanks for your help. Lapas
|
|
|
||
Who can help me get rid of this extremely stubborn thing (the instructions in the other forums unfortunately produced no results)?
THANKS
My log looks as follows:
Logfile of HijackThis v1.99.1
Scan saved at 23:46:12, on 01.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
d:\Norman\NPF\NPFSVICE.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Java\jre1.5.0_02\bin\jusched.exe
D:\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Downloaded Program Files\UWFX5U_0001_N56M1711NetInstaller.exe
D:\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Dokumente und Einstellungen\Harzheim\Eigene Dateien\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.de/nwshp?hl=de&tab=wn&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.de/nwshp?hl=de&tab=wn&q=
F3 - REG:win.ini: load=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\programme\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AWMON] "D:\F-Secure Anti-Virus\Anti-Spyware\Ad-Monitor.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\Excid.com Aps\eTrust Antivirus Registration\EzAntivirusRegistrationCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NI.UWFX5U_0001_N56M1711] "C:\WINDOWS\Downloaded Program Files\UWFX5U_0001_N56M1711NetInstaller.exe" -nag
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - Startup: Quicken 2003 Zahlungserinnerung.lnk = D:\Quicken2003\billmind.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120498919984
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134064727843
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.151.42.188:89//activex/AMC.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all01.kundenserver.de/app/static/activex/msxml4.cab
O23 - Service: AntiVir Service (AntiVirService) - Unknown owner - C:\Programme\AVPersonal\AVGUARD.EXE (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Programme\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norman Type-R - Unknown owner - d:\Norman\NPF\NPFSVICE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)